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SYETEM & METHOD FOR DISRTTOUTING, PRINTING AND AUTHENICATTON OF 
POSTAGE INDICIA OVER A NETWORK 



Field Of The Invention 

The invention relates generally to the field of systems and methods for distributing postal 
indicia and more particularly to systems and methods for distributing postage over a public network 
in a maimer that is secure in the case of third parly interception, indicia which can be efficiently 
printed by a postal customer on items to be mailed, and a system that facilitates authentication of the 
printed indicia. 

Background Of The Invention 

There are several generally accepted systems for accounting for postage for items to be 
mailed with a postal delivery service such as the U. S . Postal Service. In one such system, the postal 
customer purchases postal stamps from the postal delivery service, which he or she affixes directly 
to each item to be mailed. When the postal delivery service receives the item, it will need to verify 
that the value of the stamp or stamps on the item is sufficient for the service. Postal delivery services 
such as the U. S. Postal Service currently use appearance-based mechanisms to veri fy that the stamps 
are authentic, and in addition to verify the value of the stamp(s) on the item and determine whether 
the value is sufficient. Generally, stamps must be purchased by the postal customer directly or 
indirectly from the postal delivery service and are considered primarily useful by low-volume 
customers. 

Higher- volume postal customers typically use otherpostage accounting systems. In the other 
systems, most notably in metered systems, a postal customer makes use of a meter to apply postal 
"indicia" to respective items to be mailed, each indicium identifying the value of the postage applied 
thereto. Prior to using the meter, the postal customer purchases postage from the postal delivery 
service representing a bulk value which may be applied to item(s) to be mailed. As each postage 
indicium is applied by the meter to items to be mailed, the value of the postage represented by the 
indicium is deducted from the value remaining in the meter, which value can be replenished as 
necessary. As with the stamp-based system, postal delivery services such as the U. S . Postal Service, 
uses appearance-based mechanisms to verify that the indicium on each item to be mailed is authentic 
and to determine whether the value represented by the indicium is sufficient. 
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For some time, it has been acknowledged that current appearance-based mechanisms for 
verifying the authenticity and value represented by postal indicia are insufficient to protect postal 
revenue. To address that problem, the U. S. Postal Service has been developing a specification, 
called the Information Based Indicia Program ("IBIP"), which requires each indicium to include 
significantly more information to detail a postage transaction than is currently required, and to 
require that the information be cryptographically signed so that it cannot be altered. Although this 
system is secure, in order to accommodate the information required, each indicium must be printed 
using a dense, two-dimensional barcode. A number of problems arise in connection with use of a 
dense two-dimensional barcode such as would be required by the IBIP. First, since the barcode is 
quite dense, errors can develop during scanning, particularly in connection with items which are 
creased or soiled. In addition, since the barcode contains a large amount of information, the time 
required to process the information related to each item can be significant, which can result in delays. 

A further problem arises in connection with the IBIP. The IBIP contemplates that postage 
purchased by a postal customer be maintained in a secure special-purpose hardware device termed 
a Postal Security Device ("PSD"). The PSD maintains the security of the information which would 
be used in connection with the indicia required for the IBIP, most notably the value of the postage 
purchased by the postal customer. The PSD can enable any printer that meets the image 
specifications which are required of the indicia by the IBIP to print the indicia, so that the postal 
customer can move from one printer to another to print indicia merely by disconnecting the PSD 
from the one printer and connecting it to the other. While this flexibility is advantageous, it does 
require rental or purchase of the PSD. 

Summary Of The Invention 

The invention provides a new and improved system and method for distributing postage over 
a public network in a manner that is secure in the case of third party interception, indicia which can 
be efficiently printed by a postal customer on items to be mailed, and a system that facilitates 
authentication of the printed indicia. 

In brief summary, the invention provides a system for distributing postage over a public 
network in a manner that is secure in the case of third party interception, indicia which can be 
efficiently printed by a postal customer on items to be mailed, and a system that facilitates 
authentication of the printed indicia.. When the postal customer purchases postage from the postal 
service, the postal service provides information which the postal customer uses to generate pseudo- 
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random numbers associated with the respective units of postage. When the postal customer prints 
an indicium for a respective unit, it appends the associated pseudo-random number, which the postal 
service uses to authenticate the indicium. The pseudo-random numbers are generated using a 
methodology by which the postal customer can generate pseudo-random numbers for units which 
have been purchased, but not for units which have not yet been purchased. Each indicium represents 
an amount of information which can be printed using a one-dimensional barcode, instead of two- 
dimensional barcodes required in other systems. The postal service maintains a running record of 
the units of postage which have been used by the postal customer, and so the postal customer cannot 
use a unit for more than one indicium. Thus, devices such as the postal security device ("PSD") are 
not needed by the postal customer, which provides for enhanced flexibility in printing the indicia. 

Brief Description Of The Drawings 

This invention is pointed out with particularity in the appended claims. The above and 
further advantages of this invention may be better understood by referring to the following 
description taken in conjunction with the accompanying drawings, in which: 

FIG. 1 is a functional block diagram of a postal system constructed in accordance with the 
invention; 

FIGS. 2 through 4 are flowcharts depicting operations performed by the postal system in 
accordance with the invention. 

Detailed Description of an Illustrative Embodiment 
FIG. 1 is a functional block diagram of a postal system 1 0 constructed in accordance with the 
invention. With reference to FIG. 1, postal system 10 includes a postal office system 11, and one 
or more postal customer systems 12(1) through 12(N) (generally identified by reference numeral 
12(n)). The postal office system 1 1 is maintained by a postal delivery service, such as the U. S. 
Postal Service. Each of the postal customer systems 1 2(n) is used by a postal customer, in particular, 
someone who will wish to avail him- or herself of postal delivery and other services provided by the 
postal delivery services. Each postal customer system 12(n) can connect to the postal office system 
1 1 over a communication link 13, which may include, for example, one or more public networks 
such as the Internet, private networks, the public telephony system, or the like, or any combination 
thereof, to facilitate transfer of information, as described below, between the respective postal 
customer system 1 2(n) and the postal office system 11. 
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In particular, each postal customer system 12(n) can engage in an information transfer over 
the communication link 1 3 to facilitate the purchase by the respective postal customer system I2(n) 
of postage in bulk from the postal office system 1 1 . The purchase of postage essentially authorizes 
the respective postal customer system 1 2(n) to print postal indicia on items to be mailed representing 
postage of a value represented by the indicia, which the postal delivery service will honor when it 
receives the respective items. Thus, after a postal customer system 12(n) purchases postage from 
the postal office system 11, it (that is, the postal customer system 12(n)) is permitted to print 
authentic postage indicia on items to be mailed using the postal delivery service, after which the 
respective postal customer can provide the respective items to the postal delivery service for mailing. 
The postal office system 1 1 , after being provided with an item to be mailed by a postal customer, can 
scan the postage indicium printed thereon by the customer's postal customer system 1 2(n) to verify 
its authenticity and that the postage represented thereby is sufficient for the class of service to be 
provided in connection therewith. Operations performed by the postal office system 1 1 and a postal 
customer system 12(n) will be described in detail below. 

More specifically, and with continued reference to FIG. 1, the postal office system 1 1 
includes a number of elements, including one or more network interfaces 20, a customer database 
2 1 , and postal scanning equipment 22, all connected to and controlled by a control module 23 . The 
postal scanning equipment 22 is provided to scan, inter alia, postage indicia on items that are 
provided by the postal customers to be mailed and to communicate with the control module 23 to 
facilitate the verification of authenticity of the scanned postal indicia and the sufficiency of the 
amount of postage represented by the scanned postal indicia for the service to be provided. 
Generally, the postal scanning equipment 22 may comprise individual scanners (not separately 
shown) which are distributed among a number of postal offices at which mailed items are received 
by the postal delivery service from postal customers. On the other hand, the other elements of the 
postal office system 11, in particular the control module 23, customer database 21 and network 
interface(s) 20, may be located remote therefrom at a centralized location to which all of the scanners 
may connect over, for example, a network. 

The network interface(s) 20, customer database 2 1 and control module 23 may be in the form 
of a digital computer system or a plurality of computer systems, which may be interconnected, which 
facilitate the purchase by postal customers of postage. Each computer system will typically be in 
the form of a server computer including a processor module, and may also include operator interface 
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elements comprising operator input components such as a keyboard and/or a mouse and an operator 
output element such as a video display device. The server computer is generally of the conventional 
stored-program computer architecture. The processor module includes, for example, processor, 
memory and mass storage devices such as disk and/or tape storage elements, which perform 
processing and storage operations in connection with digital data provided thereto. The operator 
input elements permit an operator to input information for processing. The video display device is 
provided to display output information generated by the processor module on a screen to the 
operator, including data that the operator may input for processing, information that the operator may 
input to control processing, as well as information generated during processing. The processor 
module generates information for display by the video display device using a so-called "graphical 
user interface" ("GUT'), in which information for various applications programs is displayed using 
various "windows'*. Although the computer is indicated as comprising particular components, such 
as the keyboard and mouse for receiving input information from an operator, and a video display, 
device for displaying output information to the operator, it will be appreciated that the computer may 
include a variety of components in addition to or instead of those described above. In addition, the 
processor module includes one or more network ports, which are connected to communication links 
which connect the computer to the communication link 13. 

More specifically, the network interface(s) 20, which include the network ports described 
above, connect to the communication link 1 3 and facilitate communications with the postal customer 
systems 12(n) to enable them (that is, the postal customer systems 12(n)) to purchase postage from 
the postal delivery system. The respective network interface(s) 20 receive messages transmitted by 
the postal customer systems 12(n) over the communication link 13 and extracts the information 
contained therein for provision to the control module 23. In addition, the respective network 
interface(s) 20 receives information from the control module 23 for transmission to respective postal 
customer systems I2(n), formats the information into messages and transmits the messages over the 
communication link 13 to the respective postal customer systems 12(n). The messages may have 
any convenient format or structure, and may be transferred over the communication link 1 3 in 
accordance with any convenient information transfer protocol. 

The customer database 21, which forms part of the mass storage devices described above, 
stores information, as will be described below, regarding the postal customers, including customer 
account identifiers for the respective postal customers and the amounts of postage purchased thereby. 
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In addition, the customer database 21 stores information as to the particular units (such as pennies) 
of postage, from the postage which has been purchased, which have been utilized by the postal 
customers, as indicated by the postal indicia scanned by the postal scanning equipment, and thus also 
identifies the particular units which are available for usage, thereby to facilitate detection if the 
postal customer attempts to use the same unit of postage twice. Furthermore, the customer database 
21 stores information for the respective postal customers, which will be described below in detail, 
which is used in verifying the authenticity of postage indicia which has been scanned by the postal 
scanning equipment. 

The control module 23, which includes the processing devices described above, performs a 
number of functions. In particular, in connection with the purchase of postage by a postal customer, 
it receives information from the network interface(s) 20 representing purchase requests, determines 
whether the purchase is to be permitted, and generates information, described below, responsive to 
the request. If the request is from a new customer, the control module 23 can initiate establishment 
of a new account for the postal customer. If a postage purchase is to be permitted, the control 
module 23 generates information, which is provided to the network interfaced) 20 for transfer to the 
respective postal customer indicating the units of postage purchased, along with other information 
as described below which the customer uses in printing indicia which is useful in authenticating the 
indicia when scanned by the postal scanning equipment 22.. In addition, the control module 23 
enables the storage of information in the customer database 21 as to the units of postage purchased 
and the running total for the amount of postage purchased by the particular postal customer. In 
addition, the control module 23 may store information in the customer database 21 which is useful 
in authenticating indicia scanned by the postal scanning equipment 22. 

In connection with indicia scanned by the postal scanning equipment, the control module 23 
receives information from the indicia scanned by the postal scanning equipment, as will be described 
below in detail, authenticates the indicia and verifies that the units of postage as represented by the 
indicia are appropriate for the service to be provided and that the units are available in the postal 
customers' accounts as indicated in the customer database. Depending on the results of the 
authentication and verification for each item whose indicia was scanned, the control module 23 may 
allow or deny provision of the service. In addition, if the service is to be provided for a particular 
item, the control module 23 will mark the units of postage as represented by the indicia as "used" in 
the customer database 21. 
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The postal customer systems 12(n) may be generally similar to each other. Each postal 
customer system includes a network interface 30, postage database 31, and printer 32 all under the 
control of a control module 33. The network interface 30, postage database 31 and control module 
33 will typically be in the form of a personal computer, computer workstation or the like, which may 
be generally similar to the computer system used in connection with the postal office system 1 1, 
including a processor module and operator interface elements comprising operator input components 
such as a keyboard and/or a mouse and an operator output element such as a video display device. 
The postal customer systems 12(n) includes printer 32 to print postage indicia for use on items to be 
mailed. 

More specifically, the network interface 30 connects to the communication link 13 and 
facilitate communications with the postal office system 1 1 to enable the purchase of postage from the 
postal delivery system. The network interface 30 receives messages transmitted by the postal officer 
system 11 over the communication link 13 and extracts the information contained therein for , 
provision to the control module 33. In addition, the network interface 30 receives information from * 
the control module 33 for transmission to the respective postal office system 11, formats the 
information into messages and transmits the messages over the communication link 13 to the postal 
office system 1 1 . The messages may have any convenient format or structure, and may be 
transferred over the communication link 1 3 in accordance with any convenient information transfer 
protocol. 

The postage database 31, as will be described below in greater detail, stores the customer 
account identifier for the postal customers which maintains the postal customer system 1 2(n) as well 
as the amounts of postage purchased thereby. In addition, the postage database 3 1 stores information 
as to the particular units of postage, from the postage which has been purchased, which can be 
utilized by the postal customer for printing in postal indicia by printer 32. Furthermore, the postage 
database 31 stores information, which will be described below in detail, which is used in printing in 
postal indicia, which will be used by the postal office system 1 1 to verify the authenticity of postage 
indicia printed by the postal customer system 12(n). 

The control module 33 performs a number of functions. In particular, in connection with the 
purchase of postage from the postal office system 1 1 , it provides information to the network interface 
30 representing purchase requests, and receives information from the network interface 30 responsive 
thereto. As noted above, in response to a postage purchase request, the postal office system can 
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provide infonnation as to the units of postage which have been purchased, as well as other 
information which the postal customer system 12(n) will use in printing indicia, which other 
information, when used in connection with printing of indicia, is used by the postal office system 1 1 
to authenticate the indicia. The control module 33 can enable all of the information to be stored in 
the postage database 31. In connection with an indicium printed by the printer 32, the control 
module 33 determines the amount of postage to be represented by the indicium and retrieves 
information from the postage database 31 representative thereof, along with the authentication 
information, and enables the printer 32 to print that information, along with other information 
described below, on the indicium. 

In accordance with the invention, each postal indicium that the printer 32 prints on items to 
be mailed is represented by a barcode or other conveniently-scanned construct having a plurality of 
concatenated fields of the form 

<CUST_ID|SERV_CLASS|POST_AMT|TOT_POST|P_RAND_NO> 
in which 

(i) the CUSTJD customer identifier field contains a postal customer identifier value 
identifying the postal customer whose system 1 2(n) printed the indicia, 

(n) the SERV_CLASS service class field contains a postal rate class or service level identifier 
value that is to be used in connection with delivery of the item by the postal delivery service. 

(in) the POST_AMT postage amount field contains a postage amount value identifying the 
amount of postage that is represented by the indicium, 

(iv) the TOTJPOST total postage field contains a value identifying a running total amount 
of postage used by the postal customer including the postage contained in the POST_AMT field, 

(v) the P_RAND_NO pseudo-random number field contains a pseudo-random number 
generated as described below, and 

(vi) the "|" represents the concatenation operation. 

In one embodiment, the postage amount value contained in the POST.AMT is represented in 
pennies. In that embodiment, the sizes of the fields described above are 

(i) for the CUSTJD customer identifier field, on the order of twenty-five binary digits 
("bits"), allowing a maximum of on the order of thirty-two million (2 25 ) postal customers, 

(ri) for the SERV_CLASS service class field, on the order of four bits, allowing a maximum 
of on the order of sixteen (2 4 ) different postal rate classes or service levels, 
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(iii) for the POST_AMT postage amount field, on the order of twenty bits, allowing a 
maximum of on the order of $10,000.00 worth of postage (2 20 pennies), 

(iv) for the TOT_POST total postage field, on the order of twenty-eight bits, allowing a 
maximum of on the order of $2.6 million dollars of total postage for a particular postal customer as 
identified by the postal customer identifier value contained in the CUST_ID field, and 

(v) for the PJRAND_NO pseudo-random number field, on the order of ten bits, which would 
comprise, for example, the low-order ten bits of the pseudo-random number generated as described 
below, 

for on the order of eighty-seven bits to be represented by the indicium. It will be appreciated that 
an indicium of eighty-seven bits can be represented by a one-dimensional barcode, thereby avoiding 
any necessity of providing a two-dimensional representation as required by the U. S. Postal Service's 
IBIP. 

The postal customer identifier value to be used in the CUST_ID field is assigned to a postal 
customer by the postal delivery service, in particular by the postal office system 1 1 (FIG. 1 ). The 
postal office system 1 1 may assign a postal customer identifier value to a particular postal customer 
when the postal customer initially opens an account with the postal delivery service through which 
it (that is, the postal customer) will purchase postage from the postal office system 1 1 . In addition, 
the postal office system 1 1 may assign a new postal customer identifier value to the postal customer 
when the postal customer wishes to purchase postage which would make the running total amount 
of postage exceed the maximum value allowed by the TOT_POST total postage field of the 
indicium. A postal customer, using his or her postal customer system(s) 1 1 (n), can purchase postage 
from the postal office system 11 in a series of postage purchase sessions S,, S 2 , -..»S K (generally 
"S k ")» in each session the postal customer purchasing a block of postage that can be used in 
connection with one or more indicia. For example, if, in a session S k in which the postal customer 
wishes to purchase "M k " pennies worth of postage, he or she has previously purchased a total of "B k " 
pennies worth of postage, he or she will be able to purchase the postage using his or her current 
postal customer identifier value if the sum B\ = B k + M k does not exceed the maximum value 

allowed by the TOT_POST total postage field. If the sum B' k would exceed the maximum value 
allowed by the TOT_POST total postage field, then the postal office system 1 1 can assign the postal 
customer a new postal customer identifier value. It will be appreciated that: 

(a) the sum B' k for one session will be used as B k+I for the next session S^,, and 
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(b) the amounts M k which may be purchased during the various sessions S k may differ as 
among the respective sessions S k . 

As noted above, the TOT_POST total postage field of a postage indicium applied to an item 
to be mailed contains a value that identifies a running total amount of postage used by the postal 
customer including the postage contained in the POST_AMT field. Thus, if the postal customer 
system 12(n) has previously printed indicia for items to be mailed which total "b" pennies worth of 
postage, and if the amount of postage to be used in connection with the item to be mailed is "m" 
pennies (in which case the value "m" would be printed in the indicium in the POST_AMT postage 
amount field), then the value b'= b + m would be printed in the TOT_POST total postage field of 
the indicium. It will be appreciated that: 

(a) the sum b* for one indicium will be used as "b" for the next indicium, and 

(b) the amounts "m" which may be used as among the various indicia may differ as among 
the respective indicia, to correspond to the number of pennies of postage to be applied to the 
respective items with which the respective indicia are to be used. 

As further noted above, each indicium printed by a postal customer system 12(n) includes 
a P_RAND_NO pseudo-random number field that contains a pseudo-random number. The pseudo- 
random number that is used in connection with an indicium is selected from a sequence of pseudo- 
random numbers {r,)^ that can be generated by the postal customer system 12(n) from 

information provided by the postal office system 11 when the postal customer system 12(n) 
purchases postage from the postal office system 1 1 . In particular, suppose that during a session S k 
the postal customer system 12(n) purchases "M k " pennies and that he or she has previously 
purchased a total "B k " pennies worth of postage. Then the pennies that the postal customer 
purchases during that session S k can be identified by the sequence of indicies B k +l,...,B k +M k . By 
purchasing these pennies of postage, thepostal office system 1 1 provides the postal customer system 
12(n) with information that enables the postal customer system 12(n) to efficiently compute 

elements R Bt +\>-~*RB k +M k of " tne pseudo-random number sequence {/^ }" . When an indicium 

is printed for which the TOT_POST total postage field contains the value b', representing the value 
b+m, where "m" is the amount of postage to be used in connection with the item to be mailed, and 
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"b" is the total amount of postage of all previously printed indicia, then the value of the element 
" R b * ** from the pseudo-random number sequence will be used in connection with the indicium. 

It will be appreciated that, since the postal office system 1 1 provides the information from 
which the postal customer system 12(n) generated the pseudo-random number sequence, the postal 
office system 1 1 can generate the same pseudo-random number sequence and, after scanning an 
indicium, authenticate the indicium from the contents of the CUST_ID customer identifier, 
TOT_POST total postage and P_RAND__NO pseudo-random number fields. That is, if the postal 
office system 1 1 determines that the contents of the PJRAND_NO pseudo-random number field 
contains a value which corresponds to element " R T " of the pseudo-random number sequence as 

determined by the values in the CUSTJD customer identifier field and the T = TOT_POST total 
postage field, then it (that is, the postal office system 11) can determine with a high degree of 
probability that the indicium is authentic. On the other hand, if the postal office system 1 1 
determines that the contents of the P_RAND_NO pseudo-random number field contains a value 
which does not correspond to element " R " of the pseudo-random number sequence as 

determined by the values in the CUSTJD customer identifier field and the T = TOT_POST total 
postage field, then it (that is, the postal office system 11) can determine with certainty that the 
indicium is not authentic. If the postal office system 1 1 determines that the indicium is authentic, 
the postal delivery service can proceed with delivery of the item, but, if it (that is, the postal office 
system 11) determines that the indicium is not authentic, the postal delivery service can perform 
predetermined corrective actions. If the postal office system 1 1 determines that the indicium is 
authentic, it (that is, the postal office system 11) can additionally note in the customer database 21 
that pennies b+1 through b' = b+m have been used where "b 1 " is the total amount of postage 
TOT_POST of all printed indicia and "m" is the amount of postage POST_AMT used in connection 
with the item that has been mailed, so that, if an indicium is later scanned in which the POSTAMT 
postage amount and TOT_POST total postage fields identify a penny which has been previously 
used, it can also perform predetermined corrective actions. 

The postal customer systems 12(n) and postal office system 1 1 generate the pseudo-random 
number sequence using a selected methodology, the methodology preferably having properties 
described as follows. Given functions G s , F s , CK and PK such that G s : Z* {0,1 } u (that is, a "u" bit 
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binaiy integer), F s : Z {0, 1 } « (a "v" bit binary integer), CK : { 0, 1 r^(Wta function from a "w" b.t 
binary integer to a "c" bit binary integer) and PK : {0,1 }« {0, 1 }" (a function from a "w" bit binary 
integer to a "d" bit binary integer), and s {0,1 } w (an element of the set of "w" bit binary integers), 
such that: 

(i) with knowledge of "i", G s (i) and CK(s), it is mathematically "easy" to compute F s (j) for 
i - h j i, where "h" is at most polynomial in "u". 

(ii) with knowledge of "i" and G 5 (i) for i {i„ i 2 i h } , where "h" is at most polynomial in "u'\ 

and without knowledge of CK(s) (contrast property (i) above), it is mathematically "hard" to 
compute F s (j) for j {i„ i 2 ,...,i h }, 

(iii) with knowledge of "i", G s (i) and PK(s), it is mathematically "easy" to compute G.G) and 
F s (j) for all values of "j", and 

(iv) with knowledge of "i" and G s (i) for i {i„ i 2 ,...,i h } , where "h" is at most polynomial in "u" 
and with knowledge of CK(s), but without knowledge of PK(s) (contrast properties (i) and (iii) 
above), it is mathematically "hard" to compute F s (j) for j>max(i, , i 2 ,...,i„) where max is the maximum 
value taken over the set of i k 's 

where "i" and "j" are indices representing respective "i ,h " and "j lh " pennies of postage! In items (i) 
through (iv) above, 

(a) G s represents the elements of a sequence used to derive the pseudo-random values; one 
of the elements of the sequence, namely, G t (B'), will be provided by the postal office system 1 1 to 
the postal customer system 12(n) during each postage purchase session, and the postal customer 
system 12(n) can generate values for the other elements as necessary for use in connection with the 
P_RAND_NO pseudo-random number field of each indicium; 

(b) F s represents the pseudo-random values derived from the elements G $ that the postal 
customer (in particular the postal customer system 12(n)) will use in the P_RAND_NO pseudo- 
random number field; in one embodiment, the value F s corresponds to a predetermined number of 
low-order bits of the respective element G s ; 

(c) CK represents one or more values which are useful by the postal customer system 12(n) 
in generating values for the elements of the pseudo-random sequence F S (B"), where B" B' and G S (B') 
has been provided to the postal customer system 12(n) by the postal office sytem 1 1; and 
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(d) PK represents one or more values which are useful by the postal office system 1 1 in 
efficiently generating values for elements of the sequence G $ (B"), where B" represents any position 
in the sequence that needs to be computed by the postal office system 1 1 . 

By the first property (property (i) above), the postal customer system 12(n) will be able to generate 
the pseudo-random number sequence for the pennies which have been purchased, and only for those 
pennies purchased. Consequently, the postal customer system 1 1 will not need to download every 
value of the pseudo-random number sequence. When, during a postage purchase session, a postal 
customer purchases "M" pennies worth of postage, the postal office system 1 1 will provide him or 
her with a value for G^B*), where, as above, B' = B+M, where "B" was the total amount of postage 
purchased up to the previous postage purchase session. From the first property, the postal customer 
(more specifically the postal customer system 12(n)) will be able to easily calculate the pseudo- 
random number sequence F S (B") for all pennies of postage B" B' which he or she has purchased. 

On the other hand, by the fourth property (property (iv) above), the postal customer will not 
be able to generate any elements of the random number sequence F s (B'-f-l ), F s (B'+2),..., in which case 
it is extremely unlikely (within a probability determined by the number of bits used for the 
P_RAND_NO pseudo-random number field of the indicium) that the postal customer system 12(n) 
will be able to generate a correct pseudo-random number value for postage using pennies above the 
running total B* which he or she has previously purchased. 

Property (ii) is slightly more restrictive than may be needed in connection with system 10. 
Generally, for system 10 it is sufficient that 

(ii') with knowledge of "i" and F s (i) for i {i l9 i 2 ,...,i h } , where "h" is at most polynomial in "u'\ 
and without knowledge of CK(s) (contrast property (i) above), it is mathematically "hard" to 
compute F s (j) for j {i„ i 2 ,...,i h > 

Because of property (ii*) if a third party were to intercept the value for a polynomial number 
of indicia printed by the postal customer, the third party would be unable to generate an value of the 
postal customer's pseudo-random number sequence. For this particular implementation it is 
necessary that the value G s (i) transmitted by the postal office system 1 1 to the postal customer 
system 12(n) over communication link 13 during a postage purchase session must be transmitted in 
a secure manner. This can be accomplished by using any standard secure communications protocol 
such as, for example, the Secure Sockets Layer protocol (SSL). Finally, according to the third 
property (property (iii) above), the postal office system 1 1 will be able to efficiently generate a a 
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value for G s (i) and F s (i) for any "s» and "i"that are potentially used in the system, in which case the 
postal office system will be able to efficiently issue any amount of postage to the postal customer 
system 12(n) and will be able to efficiently verify any pseudo-random value P_RAND_NO 
appearing in an indicium. 

A suitable pseudo-random number sequence generation methodology for use in connection 
with the system 10 is that described in L. Blum, et al., "A Simple Unpredictable Pseudo-Random 
Number Generator", SIAM Journal on Computing, Vol., 15, No. 2 (1986) pp. 364-383, and 
particularly the methodology referred to therein as an "x 2 mod N generator" (hereinafter referred to 
as the "BBS generation methodology"). In the BBS generation methodology, if 

(i) two, k-bit prime numbers "p" and "q", both of which are congruent to "3 mod 4" (where 
"mod" refers to the modulo function) are selected, and "n" is their multiplicative product (that is, 
"n=pq"), and 

(ii) a random number "x" is selected which is coprime with "n", such that x 0 = x 2 mod n, 
where "x 0 " is any selected value, which is also referred to as the "seed" for the BBS generation 
methodology, 

(iii) a sequence is defined according to 

x, = xf_ t mod« (1). 

By the way that values for "p" and "q" have been selected, the sequence defined by equation ( 1 ) can 
be generated in the reverse direction, starting with x f = Xo. In particular, there is exactly one square 
root of x ( which is a quadratic residue (that is, that satisfies the equation x,. = xf_ t mod n ), which 
square root is the value for*.,. A methodology for efficiently generating the sequence in the reverse 
direction, which requires knowledge of the values for "p" and "q", will be described below. 

Given the sequence defined by equation (1 ), the elements of the BBS pseudo-random number 
sequence b 0 , b„ ....b,,... used in the postage indicia each correspond to the "r" least significant bits 

of the respective Xo, x.„ ...^ It has been shown in U. V. Vazirani, , et al., "Efficient and Secure 

Pseudo-Random Number Generation", Advances in Cryptology: Proceedings of Crypto '84, 

Springer-Verlag, 1985, pp. 193-202 that ifr < log 2 (log 2 n) then the elements b f of the sequence 

can be determined with better than uniform probability over values in the range from "0" to "2 '- 1 " 
only if an unreasonably large amount of computation is used. As a result, the probability of 
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successfully predicting the value of any element b, of the sequence will be extremely close to %, . 
With knowledge of values for "p" and "q", the BBS methodology facilitates generation of a pseudo- 
random number sequence in which the "i*" element of the sequence corresponds to b^ With 
knowledge of values for * V and x.j, the pseudo-random number sequence b, can be readily generated 
for j i, but it is not possible to compute any elements of the sequence bj for j > i. 

With this description of the BBS methodology, the functions "G/\ "F s '\ "CK" "PK" and "s" 
correspond to the above-described functions used in the BBS methodology as follows: 

(i) s = <n | Xo>; 

(ii) CK: {0,1} 2108/1 -> {0,l} IOgtt is defined by CK(s) = <n>; 

(iii) PK : {0,l} 21 ° g ' 7 -> {0,l} ^° %n is defined by PK{s) = <p|q|x 0 >; 

(iv) G s : Z + (Z n *) 2 is defined by G s (i) = x. t ; and 

(v) F s : Z* {0,l} r is defined by the V least significant bits of G s (i), 

where, as above, the vertical bar "|" represents the concatenation operation. Thus, from item (ii) 
directly above and equation (1), since the postal office system 1 1 provides the postal customer 
system 12(n) with the values for "n" and "x_ " for some i, the postal customer system 12(n) will be 
able to generate the elements of the sequence G s (j) for j i and the pseudo-random number values F s (j) 
for j i for insertion into the appropriate indicia. On the other hand, the postal office system 1 1 does 
not provide the postal customer system 12(n) with values for "p" and "q'\ which would be useful in 
generating elements of the sequence G s (j) for j > i, as will be seen below. 

As noted above, a method exists for efficiently generating values for x.,, x_ 2 ,~., from x 0 
given the values for x 0 , "p" and "q" The method particularly facilitates the generation of a value for 
x.i for any "i" using the values for Xo, "p" and M q" without the necessity of generating the 
intermediate values x.„...,x_ i+1 . It will be appreciated that, since the postal office system 1 1 generates 
the values for "p" and "q" as elements of PK (item (iii) directly above) the postal office system 1 1 
would make use of this method when determining whether the scanned postal indicia are authentic; 
on the other hand, since the postal office system 1 1 does not provide the values for "p" and "q" to 
the postal customer system 12(n) (reference item (ii) directly above), the postal customer system 
would not make use of this method when generating the postal indicia. The efficient methodology 
makes use of the Chinese Remainder Theorem and the Euclidean algorithm for determinating values 
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for the greatest common divisor ("god") of two numbers. According to the Chinese Reminder 
Theorem, a system of equations 



X = o, 



x = a 2 



(mod/72,) 
(modw^) 



(2), 

x= a k (mod m k ) 

(where values for a„ a 2 ,...,a k and m„ m 2 ,...,m k are known) always has a solution for "x'\ if the moduli 
m„ m 2 , m k are relatively prime in pairs. In addition, the solution "x" is unique "mod m'\ where 
"m" is the multiplicative product of m„ m„..., and m k . Several methodologies are known for 
determining the value for "x" in equation (2). 

According to the Euclidean algorithm, the gcd of two numbers "a" and "b" can be expressed 
asalinearcombinationof-a-and-b-.thatis, gcd = ua + vb , where "u" and "v" are integers. The 
Euclidean algorithm provides a straight-forward methodology for determining values for "u" and 
'V. In this case, "a" corresponds to "p" and "b" corresponds to "q", in which case 1= up+vq , so 
that, using the Euclidean algorithm it is straight-forward to generate values for "u" and "v". 

The unique quadratic residue "x lp mod p" whose square has the value "x 0 mod p" (reference 

equation (1)) corresponds to the value Y <P * xy '* modtp-o « * *u , 

° me value x o mod p , and the unique quadratic residue 

"x. lq mod q" whose square is "xo mod q" (reference equation (1)) corresponds to the 
vaiue x 0 m od q . From the Euclidean algorithm, values for "u" and • V can be readily 

determined such that l=u P+vq , which are used to combine the values for x. lp and x.„ to generate x. 



x -\ ~ Vvx-ip + pux_ lq mod« (3) 

By the Chinese Remainder Theorem (reference equation (2)), x, is the unique integer mod n whose 
square is x 0 mod n. More generally, the unique quadratic residue "x, p mod p» which, when squared 
"i" times, is "x 0 mod p" corresponds to the value 
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x^^^modp (4). 

Similarly, the unique quadratic residue "x. iq mod q" which, when squared "i" times, is 4 *x 0 mod q" 
is 

4^1-^0 mod? (5). 

From the Euclidean algorithm, values for **u" and 'V" can be readily determined such that l=up+vq, 
which are used to combine the values for x_ ip and x. iq to generate x.j as 

^fl^-fr + PW*-* modrt (6). 

Thus, using equations (4) through (6) and the Euclidean algorithm, the value for x. ; can be generated 
directly for any "i" without any need for generating the intermediate values between x 0 and x. 4 . 

With this background, the operations performed by the postal office system 1 1 and a postal 
customer system 12(n) in connection with the invention will be described in connection with the 
flowcharts in FIGS. 2 through 4. FIG. 2 depicts operations performed by the postal office system 
11 and postal customer system 12(n) in connection with purchase of postage during a postage 
purchase session, FIG. 3 depicts operations performed by the postal customer system 12(n) in 
connection with generation of a postal indicium for printing on an item, and FIG. 4 depicts 
operations performed by the postal office system 1 1 in connection with verifying the authenticity of 
an indicium scanned from an item. 

With reference initially to FIG. 2, the postal customer system 12(n) initially determines that 
it is to engage in a postage purchase session to purchase "M" pennies of postage (step 100). The 
postal customer system 12(n) can determine to engage in a postage purchase session when, for 
example, it needs to print an indicium which represents a value which would represent a running 
total that is larger than the running total amount which it had previously purchased. To this end, 
following step 100, the postal customer system 12(n) can generate a postage purchase request 
message for transmission to the postal office system 11, the message including information 
including, for example, identification information for the postal customer system 12(n) and the 
identification of the amount of postage to be purchased (that is, "M" pennies) (step 101). After the 
postal office system 1 1 receives the postage purchase request message (step 1 02), it can determine 
whether or not the postal customer has an account (step 103), and, if not, establish an account 
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therefore (step 104), in the process assigning the postal customer a customer identifier. In addition 
to this identifier, the customer is provided with the value CK(s) which is required by the customer 
to generate the necessary pseudo-random numbers easily. It is preferable that CK(s) be transferred 
in a secure manner from the postal office system 1 1 to the post customer. This can be accomplished 
by any conventional secure communications protocol such as, for example, the Secure Sockets 
Layer protocol (SSL) . Operations performed in connection with establishing an account (reference 
step 1 04) may necessitate transfer of one or more messages between the postal office system 1 1 and 
the postal customer system 12(n). 

Following step 104, or step 103 if the postal office system 1 1 determines that an account 
already exists for the postal customer, the postal office system 1 1 determines from the customer 
database 21 whether the amount of postage requested would result in the running total being greater 
than the predetermined maximum amount which can be allocated for the postal customer's postal 
customer identifier (step 1 05). If the postal office system makes a positive determination in step 1 05, 
it can assign the postal customer another postal customer identifier (step 106) and store information 
in the customer database 21 representative thereof (step 107). Following step 107, or step 105 if it 
makes a negative determination in that step, the postal office system generates a postage purchase 
response message for transmission to the postal customer system 1 2(n) including the permission to 
print the requested postage, information that the postal customer system 1 2(n) will use in generating 
the information in the P_RAND_NO pseudo-random number field(s) of the respective postal indicia, 
and, if the postal office system 1 1 assigned the postal customer a new postal customer identifier, the 
new postal customer identifier (step 108). 

When the postal customer system 1 2(n) receives the postage purchase response message (step 
109), it stores the postage information in the postage database 31 (step 110). This- postage 
information will be used at a later time, during postage dispensing, to generate the pseudo-random 
number value associated with a particular penny of postage. 

FIG. 3 depicts operations performed by the postal customer system 1 2(n) in connection with 
generation of a postal indicium for printing on an item. With reference to FIG. 3, when the postal 
customer system 12(n) determines that it is to generate a postal indicia for printing (step 130) it 
initially determines the postage amount value to be represented by the indicium (step 131). In 
performing step 1 3 1 , the postal customer system 1 2(n) may determine the postal amount value from 
a number of factors, which are known by those skilled in the art, including, for example, the postal 
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rate class or service class as may be provided by an operator and the weight of the item with which 
the indicium is to be used, as well as rate tables as provided by the postal delivery service. After the 
postal customer system 12(n) has determined a postage amount value to be represented by the 
indicium, it will determine the running total amount of postage used by the postal customer, 
including the postage amount value determined in step 131 (step 132). For step 132, the postal 
customer system 12(n) may maintain an accumulator register (not separately shown), which 
maintains the running total postage amount, and which is incremented by the postage amount value 
when that value is generated in step 131. After the postal customer system 12(n) determines the 
running total postage amount in step 132, it (that is, the postal customer system 12(n)) uses that 
running total postage amount along with information stored in the postage database 3 1 to generate 
the pseudo-random number associated therewith (step 133). At the end of step 133, if the postal 
customer system 1 2(n) is used in connection with one postal customer identifier value at a time, the 
postal customer system 12(n) will have values for all of the variable fields of the indicium, and so 
it (that is, the postal customer system 12(n)) can print the indicium (step 134) using the printer 32'. 

It will be appreciated that, if the postal customer system 12(n) has sufficient postage available 
to print the required indicia, then the postal customer system 12(n) need to communicate with the 
postal office system 1 1 to perform this operation. As a result, a connection need not be established 
between the postal customer system 1 2(n) and the postal office system 1 1 unless the customer needs 
to purchase additional postage because the running total amount of postage required is greater than 
the running total amount of postage purchased thus far. 

It will be appreciated that, if the postal customer system 12(n) is used in connection with 
postal customers having a plurality of postal customer identifiers concurrently, the postal customer 
identifier value which is to be used in connection with an indicium can be provided by the operator. 
In such a case, the postal customer system 12(n) will preferably maintain in the postage database 3 1 
separate sets of information as described above for the respective postal customer identifiers, and 
when it (that is, the postal customer system 12(n)) is to print an indicium using a particular postal 
customer identifier, it will make use of the set of information associated with the particular postal 
customer identifier in connection with steps 130 through 134 described above. 

FIG. 4 depicts operations performed by the postal office system 1 1 in connection with 
verifying the authenticity of an indicium scanned from an item. With reference to FIG. 4, when the 
postal scanning equipment 22 scans an indicium (step 1 50), it (that is, the postal scanning equipment 
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22) provides the information from the indicium to the control module 23, along with other 
information which the control module 23 can use in determining whether the postage amount value 
represented by the indicium is sufficient for the service to be provided (step 151), such as, for 
example, the weight of the item with which the indicium is used. The control module 23 receives 
the information from the postal scanning equipment 22 (step 152) and uses the postal customer 
identifier from that information to determine, from the information associated with that postal 
customer identifier in the customer database 2 1 and the pseudo-random number from the indicium, 
whether the indicium is authentic (step 153). In performing step 153, the control module 23 will 
make use of equations (4) through (6) above to verify that the pseudo-random number that is 
correctly associated with the running total postage amount indicated in the indicium corresponds to 
the pseudo-random number from the indicium as provided by the postal scanning equipment 22 in 
step 151. If the control module 23 makes a negative determination in step 153, that is, if it 
determines that the pseudo-random number that is correctly associated with the running total postage 
amount indicated in the indicium, does not correspond to the pseudo-random number from the 
indicium, it will proceed to step 154 to take appropriate corrective action. 

On the other hand, if the control module 23 makes a positive determination in step 153, that 
is, if it determines that the pseudo-random number that is correctly associated with the running total 
postage amount indicated in the indicium, does correspond to the pseudo-random number from the 
indicium, it will proceed to step 155 to verify, from the information in the customer database, and 
the running total postage amount and postage amount value represented by the indicium, as provided 
by the postal scanning equipment 22, that none of the pennies of postage represented by the indicium 
have already been used in connection with other indicia. If the control module 23 makes a negative 
determination in step 155, that is, if it determines that at least one of the pennies of postage 
represented by the indicium has been used in connection with other indicia, it will proceed to step 

156 to take appropriate corrective action. On the other hand, if the control module 23 makes a 
positive determination in step 155, that is, if it determines that none of the pennies of postage 
represented by the indicium has been used in connection with other indicia, it will proceed to step 

1 57 to mark, in the customer database, the pennies of postage represented by the indicium as having 
been used. Thereafter, the control module 23 can notify the postal scanning equipment that the 
requested postal delivery service is to be provided in connection with the item (step 1 58). 
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The invention provides a number of advantages. In particular, the invention provides an 
arrangement which facilitates printing by a postal customer of postal indicia for use in connection 
with items to be mailed using any printer, after the postal customer has purchased sufficient postage, 
but without the need for additional mechanisms such as the postal security device (PSD) 
contemplated by the U. S. Postal Service's IBIP. In addition, the invention provides an arrangement 
such that the postal indicia represents a relatively small amount of information, in comparison to the 
amount contemplated by the IBIP, and thus can be printed using an easily-scanned one-dimensional 
barcode. Further, the invention provides an arrangement by which the postal indicia can be readily 
authenticated, using a pseudo-random number generated using information that is known only by 
the postal customer and postal delivery service, thus facilitating purchasing of postage over an 
insecure network such as the Internet, using a methodology selected so that the postal customer can 
generate the pseudo-random numbers for postage that he or she has purchased, but not for postage 
that he or she has not purchased. 

It will be appreciated that numerous modifications may be made to the invention. For 
example, the specific operations and sequence of operations performed by the postal office system 
11 and postal customer system 12(n) may differ from those described above in connection with 
FIGS. 2 through 4. In addition, although the postage indicia have been described as having a 
particular structure and order of concatenated fields, with each field representing a particular number 
of bits, it will be appreciated that the indicia may have a different structure or order and different 
numbers of bits. 

Furthermore, although the postal office system 1 1 and postal customer system I2(n) have 
been described as using the BBS algorithm in connection with generation of pseudo-random numbers 
for use in authenticating the respective indicia, it will be appreciated that other algorithms may be 
used. Preferably, the algorithms will have at least the properties (i), (iii) and (iv) described above. 
Depending on the degree of security which may be desired in connection with the transfer of 
information relating to purchase of postage and distribution of the information used by a postal 
customer system 12(n) in generating the pseudo-random numbers, property (ii) or (ii 1 ) may or may 
not be considered necessary. For example, if the information to be transferred is encrypted, or is 
otherwise transferred in a relatively secure manner, property (ii) or (ii 1 ) may not be needed. 

In addition, although the postal office system 1 1 , in particular the customer database 2 1 , has 
been described as storing information relating to all pennies of postage which have been purchased 
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by a postal customer (that is, as associated with a particular postal customer identifier), to reduce the 
amount of information stored in the customer database 21, the control module 23 can delete 
information for pennies below the first penny which has not been used provided a sufficient amount 
of time has elapsed for all used pennies to have passed through the postal office system 1 1 . 

Furthermore, although the postal office system 1 1 and postal customer system 12(n) have 
been described as transferring particular types of information during a postage purchase session, it 
will be appreciated that other and additional types of information can be transferred. For example, 
the postal customer system 12(n) can transfer information relating to indicia which have been 
printed, such as source and destination address information, which the postal office system 1 1 can 
use for tracking and tracing purposes, mail volume analysis, and so forth, and in addition, can be 
used to protect against fraud. 

In addition, because the postal customer system 12(n) is described as using suitably 
programmed computer systems, the migration of a postal customer system 1 2(n) from one computer 
to another is readily and easily accomplished. 

Furthermore, although the invention has been described in connection with generation and 
authentication of postal indicia, it will be appreciated that the invention can be used in connection 
with generation of indicia of many types and for many purposes. For example, the invention can be 
readily used in connection with generation and authentication of money orders each representing a 
value within a previously paid-for range of values, generation and authentication of certified 
identifiers that can be used to track physical objects, and other types of indicia which will be 
apparent to those skilled in the art. 

In addition, although the postal customer system 12(n) as using, for successive indicia, 
increasing ones of the pennies of purchased postage, toward the most recently purchased total B k ,it 
will be appreciated that the postal customer system 12(n)may, forsuccessive inidica, use decreasing 
ones of the pennies of purchased postage, descending from the most recently purchased total B k , or 
any other convenient order. 

Furthermore, it will be appreciated that the postal customer system 1 2(n) can either generate 
the appropriate elements of the pseudo-random sequence at the time that an indicium is generated, 
oraltemativelyitmay generate the elements for all ofthe pennies of postage that are purchased when 
or sometime after purchase for use when an indicium is generated. 
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In addition, it will be appreciated that, if, after a postal customer system 12(n) has generated 
an indicium, but the item with which the indicium was to be used has not been mailed, the postal 
customer system 1 2(n) can either recover the pennies associated therewith for use in connection with 
other inidicia, or the postal office system 1 1 may issue a credit therefor. 

It will be appreciated that a system in accordance with the invention can be constructed in 
whole or in part from special purpose hardware or a general purpose computer system, or any 
combination thereof, any portion of which may be controlled by a suitable program. Any program 
may in whole or in part comprise part of or be stored on the system in a conventional manner, or it 
may in whole or in part be provided in to the system over a network or other mechanism for 
transferring information in a conventional manner. In addition, it will be appreciated that the system 
may be operated and/or otherwise controlled by means of information provided by an operator using 
operator input elements (not shown) which may be connected directly to the system or which may 
transfer the information to the system over a network or other mechanism for transferring 
information in a conventional manner. 

The foregoing description has been limited to a specific embodiment of this invention. It will 
be apparent, however, that various variations and modifications may be made to the invention, with 
the attainment of some or all of the advantages of the invention. It is the object of the appended 
claims to cover these and such other variations and modifications as come within the true spirit and 
scope of the invention. 

What is claimed as new and desired to be secured by Letters Patent of the United States is: 
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Claims 

1. A system for generating and authenticating an indicium representative of an indicium value 
comprising an element in an indicium value sequence defined by a selected maximum indicium 
value, the system comprising an indicium generator and an indicium authenticator, 
A. the indicium generator being configured to generate the indicium, the indicium having an 
indicium value field for receiving the indicium value and a random number field for 
receiving a random number, the indicium generator being configured to generate therandom 
number according to a predetermined methodology using random number generating 
information, the random number generating information including a seed value and another 
value, the seed value being a function of the selected maximum value and the other value, 
the predetermined methodology having the characteristics that 

(i) ara ndomnumbersequenceisgenerated,eachrandomnumberin therandom number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are 
a function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which m less = «han the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, 

the indicium generator using the random number value from the random number sequence 
associated with the indicium value in the indicium value sequence as the random number for 
the random number field, 

B. the indicium authenticator being configured to authenticate the indicium by determining 
whether the random number value in the random number field corresponds to the correct 
random number for the indicium value in the indicium value field as determined by the 
predetermined methodology. 

2. A system as defined in claim 1 in which the indicium authenticator is configured to provide the 

random number generating information to the indicium generator. 
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3. A system as defined in claim 2 in which the indicium generator is configured to request an updated 
maximum indicium value from the indicium authenticator, the indicium authenticator being 
configured to provide in response the updated maximum indicium value and a new seed value, the 
predetermined methodology further having the characteristic that the indicium authenticator can 
readily generate values of the random numbers in the random number sequence which are greater 
than the predetermined maximum value. 

4. A system as defined in claim 1 in which, in accordance with the predetermined methodology, the 
random numbers in the random number sequence are generated according to 



where "n" is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 

4. " "x/ 1 and "Xj.," are elements of the random number sequence, and seed value x 0 is generated as 
x 0 = x 2 mod n, where ,f x ,r is a random number which is co-prime with "n." 

5. A system as defined in claim 4 in which the indicium generator is configured to utilize as the 
random number in the random number field a predetermined set of digits in the representation of x { . 

6. A system as defined in claim 5 in which the indicium generator is configured to utilize a 
predetermined number of low-order bits. 

7. A system as defined in claim 1 in which the indicium generator is configured to generate a 
plurality of indicia, each indicium in the plurality having a unique indicium value. 

8. A system as defined in claim 1 in which the indicium generator is configured to generate each 
indicium in the plurality as having an indicium subrange value field for receiving a subrange value 
within the range, the indicium value associated with the respective indicium being a predetermined 
function of the subrange. 

9. A system as defined in claim 8 in which the indicium generator is configured to generate indicia 
such that subranges associated therewith do not overlap. 

1 0. An indicium generator for generating an indicium representative of an indicium value comprising 
an element in an indicium value sequence defined by a selected maximum indicium value, the 
indicium generator being configured to generate the indicium, the indicium having an indicium value 
field for receiving the indicium value and a random number field for receiving a random number, 
the indicium generator being configured to generate the random number according to a 
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predetermined methodology using random number generating information, the random number 
generating information including a seed value and another value, the seed value being a function of 
the selected maximum value and the other value, the predetermined methodology having the 
characteristics that 

(1) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are a 
function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the random 
number sequence associable with values in the indicium value sequence which are less than 
the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the random 
number sequence associable with values in the indicium value sequence which are less than 
the maximum indicium value, 

the indicium generator using the random number value from the random number sequence associated 
with the indicium value in the indicium value sequence as the random number for the random 
number field. 

1 1 . An indicium generator as defined in claim 10 in which, in accordance with the predetermined 
methodology, the random numbers in the random number sequence are generated according to 

x i = xf_ x mod« 

where "n" is the product of two prime numbers "p" and ,r q," both of which are congruent to M 3 mod 
4," "x" and "x^," are elements of the random number sequence, and seed value x 0 is generated as 
x 0 = x 2 mod n, where V is a random number which is co-prime with M n." 
. 12. An indicium generator as defined in claim 1 1 in which the indicium generator is configured to 
utilize as the random number in the random number field a predetermined set of digits in the 
representation of x { . 

13. An indicium generator as defined in claim 12 in which the indicium generator is configured to 
utilize a predetermined number of low-order bits. 

14. An indicium generator as defined in claim 10 in which the indicium generator is configured to 
generate a plurality of indicia, each indicium in the plurality having a unique indicium value. 

SUBSTITUTE SHEET (RULE 26) 

BNSDOCID: <WO 9918543A1J_> 




WO 99/18543 * PCT/US 98/2 0980 

-27- 

15. An indicium generator as defined in claim 10 in which the indicium generator is configured to 
generate each indicium in the plurality as having an indicium subrange value field for receiving a 
subrange value within the range, the indicium value associated with the respective indicium being 
a predetermined function of the subrange. 

1 6. An indicium generator as defined in claim 15 in which the indicium generator is configured to 
generate indicia such that subranges associated therewith do not overlap. 

1 7. An indicium authenticator for authenticating an indicium representative of an indicium value 
comprising an element in an indicium value sequence defined by a selected maximum indicium 
value, the indicium having been generated by an indicium generator to have an indicium value field 
for receiving the indicium value and a random number field for receiving a random number, the 
random number being generated according to a predetermined methodology using random number 
generating information, the random number generating information including a seed value and 
another value, the seed value being a function of the selected maximum value and the other value, 
the predetermined methodology having the characteristics that 

(i) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are 
a function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, 

the indicium generator using the random number value from the random number sequence 
associated with the indicium value in the indicium value sequence as the random number for 
the random number field, 
the indicium authenticator being configured to authenticate the indicium by determining whether the 
random number value in the random number field corresponds to the correct random number for the 
indicium value in the indicium value field as determined by the predetermined methodology. 
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18. An indicium authenticator as defined in claim 17, the indicium authenticate being configured 
to provide the random number generating information to the indicium generator. 

1 9. An indicium authenticator as defined in claim 1 8 in which the indicium generator is configured 
to request an updated maximum indicium value from the indicium authenticator. the indicium 
authenncator being configured to provide in response the updated maximum indicium value and a 
new seed value, the predetermined methodology further having the characteristic that the indicium 
authenhcator can readily generate values of the random numbers in the random number sequence 
which are greater than the predetermined maximum value. 

20.An indicium authenticator as defined in claim 1 7 in which, in accordance with the predetermined 
methodology, the random numbers in the random number sequence are generated according to 

*i - x, 2 _, mod/? 

where "n» is the product of two prime numbers »p" and "q,« both of which are congruent to "3 mod 
W and "x„« are elements of the random number sequence, and seed value x 0 is generated as 
x 0 - x> mod n, where »x" is a random number which is co-prime with "n." 

21. An indicium authenticator as defined in claim 17, the indicium generator being configured to 
generate a plurality of indicia, each indicium in the plurality having a unique indicium value, each 
indicium m the plurality further having an indicium subrange value field for receiving a subrange 
value wtthin the range, the indicium authenticator further being configured to determine whether an 
.ndic.um has a subrange value which overlaps with the subrange value associated with at least one 
previous indicium. 

22. A method of generating and authenticating an indicium representative of an indicium value 
comprising an element in an indicium value sequence defined by a selected maximum indicium 
value, the method comprising the steps of 

A. enabling an indicium generator to generate the indicium, the indicium having an indicium 
value field for receiving the indicium value and a random number field for receiving a 
random number, the indicium generator being enabled to generate the random number 
according to a predetermined methodology using random number generating information, 
the randomnumbergeneratinginformationincludingaseed value andanother value, theseed 
value being a function of the selected maximum value and the other value, the predetermined 
methodology having the characteristics that 
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(i) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are 
a function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, 

the indicium generator using the random number value from the random number sequence 
associated with the indicium value in the indicium value sequence as the random number for 
the random number field, 
B. enabling an indicium authenticator to authenticate the indicium by determining whether the 
random number value in the random number field corresponds to the correct random number 
for the indicium value in the indicium value field as determined by the predetermined 
methodology. 

23. A method as defined in claim 22 further comprising the step of enabling the indicium 
authenticator to provide the random number generating information to the indicium generator. 

24. A method as defined in claim 23 further comprising the step of enabling the indicium generator 
to request an updated maximum indicium value from the indicium authenticator, the indicium 
authenticator being enabled to provide in response the updated maximum indicium value and a new 
seed value, the predetermined methodology further having the characteristic that the indicium 
authenticator can readily generate values of the random numbers in the random number sequence 
which are greater than the predetermined maximum value. 

25. A method as defined in claim 22 in which, in accordance with the predetermined methodology, 
the random numbers in the random number sequence are generated according to 

x i = xf_ x mod n 
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where "n" is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 
4," "Xj" and "xj.," are elements of the random number sequence, and seed value x 0 is generated as 
Xo= x 2 mod n, where V is a random number which is co-prime with "n." 

26. A method as defined in claim 25 in the indicium generator is configured to utilize as the random 
number in the random number field a predetermined set of digits in the representation of x, 

27. A method as defined in claim 26 further comprising the step of enabling the indicium generator 
to utilize a predetermined number of low-order bits. 

28. A method as defined in claim 22 further comprising the step of enabling the indicium generator 
to generate a plurality of indicia, each indicium in the plurality having a unique indicium value. 

29. A method as defined in claim 22 further comprising the step of enabling the indicium generator 
to generate each indicium in the plurality as having an indicium subrange value field for receiving 
a subrange value within the range, the indicium value associated with the respective indicium being 
a predetermined function of the subrange. 

30. A method as defined in claim 29 in which the indicium generator is configured to generate 
indicia such that subranges associated therewith do not overlap. 

31. A method of enabling an indicium generator to generate an indicium representative of an 
indicium value comprising an element in an indicium value sequence defined by a selected maximum 
indicium value, the indicium generator being configured to generate the indicium, the indicium 
having an indicium value field for receiving the indicium value and a random number field for 
receiving a random number, the indicium generator being configured to generate the random number 
according to a predetermined methodology using random number generating information, the 
random number generating information including a seed value and another value, the seed value 
being a function of the selected maximum value and the other value, the predetermined methodology 
having the characteristics that 

(0 a random number sequence is generated, each random number in the random number 

sequence being associable with element of the indicium value sequence, 
(n) values of the random numbers in the random number sequence have values which are a 

function of the selected maximum value, 
(in) the indicium generator can readily generate values of the random numbers in the random 

number sequence associable with values in the indicium value sequence which are less than 

the maximum indicium value, and 
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(i v) the indicium generator cannot readily generate values of the random numbers in the random 
number sequence associable with values in the indicium value sequence which are less than 
the maximum indicium value, 

the indicium generator using the random number value from the random number sequence associated 

with the indicium value in the indicium value sequence as the random number for the random 

number field. 

32. A method as defined in claim 3 1 in which, in accordance with the predetermined methodology, 
the random numbers in the random number sequence are generated according to 

x, = xf_ x mod;? 

where "n" is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 
4," "x" and " x i-i" are elements of the random number sequence, and seed value x 0 is generated as 
r x 0 = x 2 mod n, where "x" is a random number which is co-prime with "n." 

33. A method as defined in claim 32 further comprising the step of enabling the indicium generator 
to utilize as the random number in the random number field a predetermined set of digits in the 
representation of x f . 

34. A method as defined in claim 33 further comprising the step of enabling the indicium generator 
to utilize a predetermined number of low-order bits. 

35. A method as defined in claim 31 further comprising the step of enabling the indicium generator 
to generate a plurality of indicia, each indicium in the plurality having a unique indicium value. 

36. A method as defined in claim 3 1 further comprising the step of enabling the indicium generator 
to generate each indicium in the plurality as having an indicium subrange value field for receiving 
a subrange value within the range, the indicium value associated with the respective indicium being 
a predetermined function of the subrange. 

37. A method as defined in claim 36 further comprising the step of enabling the indicium generator 
to generate indicia such that subranges associated therewith do not overlap. 

38. A method of enabling an indicium authenticator to authenticate an indicium representative of an 
indicium value comprising an element in an indicium value sequence defined by a selected maximum 
indicium value, the indicium having been generated by an indicium generator to have an indicium 
value field for receiving the indicium value and a random number field for receiving a random 
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number, the random number being generated according to a predetermined methodology using 
random number generating information, the random number generating information including a seed 
value and another value, the seed value being a function of the selected maximum value and the other 
value, the predetermined methodology having the characteristics that 

(i) a random number sequence is generated, each random number in the random number 

sequence being associable with element of the indicium value sequence, 
(h) values of the random numbers in the random number sequence have values which are 
a function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, 

the indicium generator using the random number value from the random number sequence 
associated with the indicium value in the indicium value sequence as the random number for 
the random number field, 
the indicium authenticator authenticating the indicium by determining whether the random number 
value in the random number field corresponds to the correct random number for the indicium value 
in the indicium value field as determined by the predetermined methodology. 

39. A method as defined in claim 38, further comprising the step of enabling the indicium 
authenticator to provide the random number generating information to the indicium generator. 

40. A method as defined in claim 39 further comprising the steps of enabling the indicium generator 
to request an updated maximum indicium value from the indicium authenticator, and the indicium 
authenticator to provide in response the updated maximum indicium value and a new seed value, the 
predetermined methodology further having the characteristic that the indicium authenticator can 
readily generate values of the random numbers in the random number sequence which are greater 
than the predetermined maximum value. 

41 . A method as defined in claim 38 in which, in accordance with the predetermined methodology, 
the random numbers in the random number sequence are generated according to 

x t = x% x mod w 
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where "n" is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 
4," "Xj" s 11 ^ " x m" elements of the random number sequence, and seed value x 0 is generated as 
x 0 = x 2 mod n, where "x" is a random number which is co-prime with "n." 

42. A method as defined in claim 38, the indicium generator being configured to generate a plurality 
of indicia, each indicium in the plurality having a unique indicium value, each indicium in the 
plurality further having an indicium subrange value field for receiving a subrange value within the 
range, the indicium authenticator further being enabled to determine whether an indicium has a 
subrange value which overlaps with the subrange value associated with at least one previous 
indicium. 

43 . A computer program product for use in connection with a computer to provide a system for 
generating and authenticating an indicium representative of an indicium value comprising an element 
in an indicium value sequence defined by a selected maximum indicium value, the computer 
program product comprising computer-readable medium having encoded thereon an indicium 
generator module and an indicium authenticator module, 

A. the indicium generator being configured to enable the computer to generate the indicium, the 
indicium having an indicium value field for receiving the indicium value and a random 
number field for receiving a random number, the indicium generator module being 
configured to enable the computer to generate the random number according to a 
predetermined methodology using random number generating information, the random 
number generating information including a seed value and another value, the seed value 
being a function of the selected maximum value and the other value, the predetermined 
methodology having the characteristics that 

(i) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have val ues which are 
a function of the selected maximum value, 

(iii) the indicium generator module can readily generate values of the random numbers 
in the random number sequence associable with values in the indicium value 
sequence which are less than the maximum indicium value, and 
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(iv) the indicium generator module cannot readily generate values of the random numbers 
in the random number sequence associable with values in the indicium value 
sequence which are less than the maximum indicium value, 

the indicium generator module using the random number value from the random number 

sequence associated with the indicium value in the indicium value sequence as the random 

number for the random number field, 
B. the indicium authenticator module being configured to enable the computer to authenticate 

the indicium by determining whether the random number value in the random number field 

corresponds to the correct random number for the indicium value in the indicium value field 

as determined by the predetermined methodology. 

44. A computer program product as defined in claim 43 in which the indicium authenticator module 
is configured to enable the computer provide the random number generating information to the 
indicium generator module. 

45. A computer program product as defined in claim 44 in which the indicium generator module is 
configured to enable the computer to request an updated maximum indicium value from the indicium 
authenticator module, the indicium authenticator module being configured to enable the computer 
to provide in response the updated maximum indicium value and a new seed value, the 
predetermined methodology further having the characteristic that the indicium authenticator module 
can readily generate values of the random numbers in the random number sequence which are greater 
than the predetermined maximum value. 

46. A computer program product as defined in claim 43 in which, in accordance with the 
predetermined methodology, the random numbers in the random number sequence are generated 
according to 

= xf_ { modrc 



where V is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 
4," "Xj" and Xi" are elements of the random number sequence, and seed value x 0 is generated as 
x 0 = x 2 mod n, where "x" is a random number which is co-prime with "n." 
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47. A computer program product as defined in claim 46 in which the indicium generator module is 
configured to enable the computer to utilize as the random number in the random number field a 
predetermined set of digits in the representation of Xi. 

48. A computer program product as defined in claim 47 in which the indicium generator module is 
configured to enable the computer to utilize a predetermined number of low-order bits. 

49. A computer program product as defined in claim 43 in which the indicium generator module is 
configured to enable the computer to generate a plurality of indicia, each indicium in the plurality 
having a unique indicium value. 

50. A computer program product as defined in claim 43 in which the indicium generator module is 
configured to enable the computer to generate each indicium in the plurality as having an indicium 
subrange value field for receiving a subrange value within the range, the indicium value associated 
with the respective indicium being a predetermined function of the subrange. 

5 1 . A computer program product as defined in claim 50 in which the indicium generator module is 
configured to enable the computer to generate indicia such that subranges associated therewith do 
not overlap. 

52. A computer program product for use in connection with a computer to provide an indicium 
generator for generating an indicium representative of an indicium value comprising an element in 
an indicium value sequence defined by a selected maximum indicium value, the indicium generator 
module being configured to generate the indicium, the indicium having an indicium value field for 
receiving the indicium value and a random number field for receiving a random number, the 
computer program product comprising a computer-readable medium having encoded thereon an 
indicium generator module configured to enable the computer to generate the random number 
according to a predetermined methodology using random number generating information, the 
random number generating information including a seed value and another value, the seed value 
being a function of the selected maximum value and the other value, the predetermined methodology 
having the characteristics that 

(i) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are a 
function of the selected maximum value, 
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(iii) the indicium generator module can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence which are 
less than the maximum indicium value, and 

(iv) the indicium generator module cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence which are 
less than the maximum indicium value, 

the indicium generator module using the random number value from the random number sequence 
associated with the indicium value in the indicium value sequence as the random number for the 
random number field. 

53. A computer program product as denned in claim 52 in which, in accordance with the 
predetermined methodology, the random numbers in the random number sequence are generated 
according to 

X; = mod n 



where «n» is the product of two prime numbers »p» and -q - both of which are congruent to "3 mod 
V-V and "X,," are elements of the random number sequence, and seed value x 0 is generated as 
x 0 - x 2 mod n, where "x" is a random number which is co-prime with "n." 

54. A computer program product as defined in claim 53 in which the indicium generator module is 
configured to enable the computer to utilize as the random number in the random number field a 
predetermined set of digits in the representation of x f . 

55. A computer program product as defined in claim 54 in which the indicium generator module is 
configured to enable the computer to utilize a predetermined number of low-order bits. 

56. A computer program product as defined in claim 52 in which the indicium generator module is 
configured to enable the computer to generate a plurality of indicia, each indicium in the plurality 
having a unique indicium value. 

57. A computer program product as defined in claim 52 in which the indicium generator module is 
configured to enable the computer to generate each indicium in the plurality as having an indicium 
subrange value field for receiving a subrange value within the range, the indicium value associated 
with the respective indicium being a predetermined function of the subrange. 
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58. A computer program product as defined in claim 57 in which the indicium generator module is 
configured to enable the computer to generate indicia such that subranges associated therewith do 
not overlap. 

59. A computer program product for use in connection with a computer to provide an indicium 
authenticator for authenticating an indicium representative of an indicium value comprising an 
element in an indicium value sequence defined by a selected maximum indicium value, the indicium 
having been generated by an indicium generator to have an indicium value field for receiving the 
indicium value and a random number field for receiving a random number, the random number being 
generated according to a predetermined methodology using random number generating information, 
the random number generating information including a seed value and another value, the seed value 
being a function of the selected maximum value and the other value, the predetermined methodology 
having the characteristics that 

(i) a random number sequence is generated, each random number in the random number 
sequence being associable with element of the indicium value sequence, 

(ii) values of the random numbers in the random number sequence have values which are 
a function of the selected maximum value, 

(iii) the indicium generator can readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, and 

(iv) the indicium generator cannot readily generate values of the random numbers in the 
random number sequence associable with values in the indicium value sequence 
which are less than the maximum indicium value, 

the indicium generator module using the random number value from the random number 
sequence associated with the indicium value in the indicium value sequence as the random 
number for the random number field, 
the computer program product comprising a computer-readable medium having encoded thereon an 
indicium authenticator module configured to enable the computer to authenticate the indicium by 
determining whether the random number value in the random number field corresponds to the correct 
random number for the indicium value in the indicium value field as determined by the 
predetermined methodology. 
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60. A computer program product as defined in claim 59, the indicium autheniicator module being 
configured to enable the computer to provide the random number generating information to the 
indicium generator module. 

6 1 . A computer program product as defined in claim 60 in which the indicium generator module is 
configured to enable the computer to request an updated maximum indicium value from theindicium 
authenticator module, the indicium autheniicator module being configured to enable the computer 
to provide in response the updated maximum indicium value and a new seed value, the 
predeterminedmethodology further having the characteristic that the indicium authenticator module 
can readilygeneratevaluesoftherandomnumbers in the random number sequence which are greater 
than the predetermined maximum value. 

62. A computer program product as defined in claim 59 in which, in accordance with the 
predetermined methodology, the random numbers in the random number sequence are generated 
according to 

Xj = xf_ x mod n 



where "n" is the product of two prime numbers "p" and "q," both of which are congruent to "3 mod 
4," -x/' and "x M " are elements of the random number sequence, and seed value x 0 is generated as 
x 0 = x 2 mod n, where "x" is a random number which is co-prime with "n." 

63. A computer program product as defined in claim 59, the indicium generator module being 
configured to enable the computer to generate a plurality of indicia, each indicium in the plurality 
having a unique indicium value, each indicium in the plurality further having an indicium subrange 
value field forreceiving a subrange value within the range, the indicium authenticator module further 
being configured to enable the computer to determine whether an indicium has a subrange value 
which overlaps with the subrange value associated with at least one previous indicium. 
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100. POSTAL CUSTOMER SYSTEM 12(N) DETERMINES 
THAT IT IS TO ENGAGE IN A POSTAGE PURCHASE 
SESSION TO PURCHASE "M" PENNIES OF POSTAGE. 





I 



3 



101. POSTAL CUSTOMER SYSTEM 12(N) GENERATES A 
POSTAGE PURCHASE REQUEST MESSAGE FOR 
TRANSMISSION TO THE POSTAL OFFICE SYSTEM 1 1 
INCLUDING IDENTIFICATION INFORMATION FOR THE 
POSTAL CUSTOMER SYSTEM 12(N) AND THE 
IDENTIFICATION OF THE AMOUNT OF POSTAGE TO BE 
PURCHASED. 



I 




102. POSTAL OFFICE SYSTEM 11 RECEIVES THE 
POSTAGE PURCHASE REQUEST MESSAGE. 



I 



I 

103. POSTAL OFFICE SYSTEM 11 DETERMINES WHETHER 
OR NOT THE POSTAL CUSTOMER HAS AN ACCOUNT 



T 



J 



104. POSTAL OFFICE SYSTEM 11 ESTABLISHES AN 
ACCOUNT THEREFOR AND ASSIGN THE POSTAL 
CUSTOMER A CUSTOMER IDENTIFIER. 



-6 
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rt55. CONTROL MODULE 23 DETERMINES WHETHER, ^ 
FROM THE INFORMATION IN THE CUSTOMER DATABASE, 
AND THE RUNNING TOTAL POSTAGE AMOUNT AND 
POSTAGE AMOUNT VALUE REPRESENTED BY THE 
INDICIUM, AS PROVIDED BY THE POSTAL SCANNING 
EQUIPMENT 22, NONE OF THE PENNIES OF POSTAGE 
REPRESENTED BY THE INDICIUM HAVE ALREADY BEEN 
\USED IN CONNECTION WITH OTHER INDICIA. 



1 



156. CONTROL MODULE 23 TAKES APPROPRIATE 
CORRECTIVE ACTION. 



157. CONTROL MODULE 23 MARKS, IN THE CUSTOMER 
DATABASE, THE PENNIES OF POSTAGE REPRESENTED 
BY THE INDICIUM AS HAVING BEEN USED. 



158. CONTROL MODULE 23 NOTIFIES THE POSTAL 
SCANNING EQUIPMENT THAT THE REQUESTED POSTAL 
DELIVERY SERVICE IS TO BE PROVIDED IN CONNECTION 
WITH THE ITEM. 



FTG.4A 
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150. POSTAL SCANNING EQUIPMENT 22 SCANS AN 
INDICIUM. 



j 



i51. POSTAL SCANNING EQUIPMENT 22 PROVIDES THE 
INFORMATION FROM THE INDICIUM TO THE CONTROL 
MODULE 23, ALONG WITH OTHER INFORMATION (SUCH 
AS WEIGHT) WHICH THE CONTROL MODULE 23 CAN USE 
IN DETERMINING WHETHER THE POSTAGE AMOUNT 
VALUE REPRESENTED BY THE INDICIUM IS SUFFICIENT 
FOR THE SERVICE TO BE PROVIDED. 



,-YES- 



A 



152. CONTROL MODULE 23 RECEIVES THE INFORMATION 
FROM THE POSTAL SCANNING EQUIPMENT 22. 



53. CONTROL MODULE 23 USES THE POSTAL 
CUSTOMER IDENTIFIER FROM THE INFORMATION 
PROVIDED BY THE POSTAL SCANNING EQUIPMENT 22 TO I 
DETERMINE, FROM THE INFORMATION ASSOCIATED 
WITH THAT POSTAL CUSTOMER IDENTIFIER IN THE 
CUSTOMER DATABASE 21 AND THE PSEUDO-RANDOM 
NUMBER FROM THE INDICIUM, WHETHER THE INDICIUM 
IS AUTHENTIC 



1 



154. CONTROL MODULE 23 TAKES APPROPRIATE 
CORRECTIVE ACTION. 
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130. POSTAL CUSTOMER SYSTEM 12(n) DETERMINES 
THAT IT IS TO GENERATE A POSTAL INDICIUM FOR 
PRINTING. 



j 



131. POSTAL CUSTOMER SYSTEM 12(n) DETERMINES THE 
POSTAGE AMOUNT VALUE TO BE REPRESENTED BY THE 
INDICIUM. 



J 



132. POSTAL CUSTOMER SYSTEM 12(n) DETERMINES THE) 
RUNNING TOTAL AMOUNT OF POSTAGE USED BY THE 
POSTAL CUSTOMER, INCLUDING THE POSTAGE AMOUNT j 
VALUE DETERMINED IN STEP 131. 



133. POSTAL CUSTOMER SYSTEM 12(n) USES THE ^ 
RUNNING TOTAL POSTAGE AMOUNT GENERATED IN 
STEP 132 ALONG WITH INFORMATION STORED IN THE 
POSTAGE DATABASE 31 TO GENERATE THE 
PSEUDO-RANDOM NUMBER ASSOCIATED THEREWITH 



134. POSTAL CUSTOMER SYSTEM 12(n) USES PRINTER 32 
TO PRINT THE INDICIUM. 



J 



FIG , 3 
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FIG.2B 



109. POSTAL CUSTOMER SYSTEM 12(n) RECEIVES THE 
POSTAGE PURCHASE RESPONSE MESSAGE 



110. POSTAL CUSTOMER SYSTEM 12(n) LOADS THE 
POSTAGE INFORMATION IN THE POSTAGE DATABASE 31 



111. POSTAL CUSTOMER SYSTEM 12(n) GENERATES, FOR 
EACH PENNY OF POSTAGE, A PSEUDO-RANDOM 
NUMBER USING THE INFORMATION PROVIDED IN THE 
POSTAGE PURCHASE RESPONSE MESSAGE. 



112. POSTAL CUSTOMER SYSTEM 12(n) STORES EACH 
PSEUDO-RANDOM NUMBER SO GENERATED IN THE 
POSTAGE DATABASE ASSOCIATED WITH THE 
RESPECTIVE PENNY OF POSTAGE. 
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-NO- 



105. POSTAL OFFICE SYSTEM 11 DETERMINES FROM THE^ 
CUSTOMER DATABASE 21 WHETHER THE AMOUNT OF 
POSTAGE REQUESTED WOULD RESULT IN THE RUNNING 
TOTAL BEING GREATER THAN THE PREDETERMINED 
MAXIMUM AMOUNT WHICH CAN BE ALLOCATED FOR THE| 
POSTAL CUSTOMER'S POSTAL CUSTOMER IDENTIFIER. 



zS 



106. POSTAL OFFICE SYSTEM 11 ASSIGNS THE POSTAL 
CUSTOMER ANOTHER POSTAL CUSTOMER IDENTIFIER 



j 



107. POSTAL OFFICE SYSTEM 11 STORES INFORMATION 
IN THE CUSTOMER DATABASE 21 REPRESENTATIVE OF 
NEW POSTAL CUSTOMER IDENTIFIER. 



08. POSTAL OFFICE SYSTEM 1 1 GENERATES A 
POSTAGE PURCHASE RESPONSE MESSAGE FOR 
TRANSMISSION TO THE POSTAL CUSTOMER SYSTEM 
12(n) INCLUDING THE PERMISSION TO PRINT THE 
REQUESTED POSTAGE, INFORMATION THAT THE 
POSTAL CUSTOMER SYSTEM 12(n) WILL USE IN 
GENERATING THE INFORMATION IN THE P_RAND_NO 
PSEUDO-RANDOM NUMBER FIELD(S) OF THE 
RESPECTIVE POSTAL INDICIA, AND, IF THE POSTAL 
OFFICE SYSTEM 1 1 ASSIGNED THE POSTAL CUSTOMER A 
NEW POSTAL CUSTOMER IDENTIFIER, THE NEW POSTAL 
CUSTOMER IDENTIFIER 
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